No IE Fix In Massive Microsoft Security Update

Microsoft will have its biggest Patch Tuesday for some time next week, with plans to fix 26 vulnerabilities, but this week’s new Internet Explorer vulnerability is not one of them.

The updates will come in 13 security bulletins on 9 FEbruary, this month’s “Patch Tuesday“, as Microsoft’s regular cycle of updates is known. Five of the bulletins are rated critical, seven are rated important and one is rated moderate. All but two of the bulletins address security issues in Windows, with the other two dealing with issues in Microsoft Office.

All told, the updates address 26 vulnerabilities, though exact details for most of the bugs were not made public. Microsoft said it plans to patch an escalation-of-privilege issue in the Windows kernel that it warned users about in January.

Among the vulnerabilities not being addressed this month are an Internet Explorer bug the company issued an advisory about this week and a vulnerability in the SMB (Server Message Block) protocol Microsoft is still working to address.

Four of the bulletins were given the highest deployment priority rating of one.

“Thirteen bulletins make this the busiest February we’ve seen from Microsoft, with only four last year and an average of 11 to 12 in the three years prior,” noted Sheldon Malm, senior director of security strategy at Rapid7.

“None of the operating systems escaped this month’s updates. Even the latest versions of Windows have been hit hard this month, with six updates for Vista, eight for Server 2008, and five for Server 2008 R2 and Windows 7. I won’t be surprised if Microsoft is playing catch-up on some lingering vulnerabilities from last year.”